在我们的Win Server 2008 R2 Standard安装中,我需要一些Windbg输出的帮助。 这是我们的关键任务生产服务器,每2个月左右崩溃一次。 它已经做了几次了。 日志说这可能是一个驱动程序,但是哪个? 谁坠毁说:
On Tue 6/2/2015 2:36:19 PM GMT your computer crashed crash dump file: C:\Windows\Minidump\060215-12854-01.dmp This was probably caused by the following module: win32k.sys (win32k+0xC3B43) Bugcheck code: 0x3B (0xC0000005, 0xFFFFF96000123B43, 0xFFFFF8800AF02EA0, 0x0) Error: SYSTEM_SERVICE_EXCEPTION file path: C:\Windows\system32\win32k.sys product: Microsoft® Windows® Operating System company: Microsoft Corporation description: Multi-User Win32 Driver Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. windbg输出:
******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff96000123b43, Address of the instruction which caused the bugcheck Arg3: fffff8800af02ea0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: win32k!HMAllocObject+43 fffff960`00123b43 488bbd58010000 mov rdi,qword ptr [rbp+158h] CONTEXT: fffff8800af02ea0 -- (.cxr 0xfffff8800af02ea0;r) rax=0000000000000000 rbx=0000000000000020 rcx=fffff96000319200 rdx=0000000000000000 rsi=0000000000008802 rdi=0000000000000000 rip=fffff96000123b43 rsp=fffff8800af03880 rbp=0000000000000000 r8=0000000000000010 r9=0000000000000080 r10=0000000000000000 r11=fffffa801a87a420 r12=0000000000000000 r13=0000000000000000 r14=0000000000000080 r15=0000000000000010 iopl=0 nv up ei pl nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202 win32k!HMAllocObject+0x43: fffff960`00123b43 488bbd58010000 mov rdi,qword ptr [rbp+158h] ss:0018:00000000`00000158=???????????????? Last set context: rax=0000000000000000 rbx=0000000000000020 rcx=fffff96000319200 rdx=0000000000000000 rsi=0000000000008802 rdi=0000000000000000 rip=fffff96000123b43 rsp=fffff8800af03880 rbp=0000000000000000 r8=0000000000000010 r9=0000000000000080 r10=0000000000000000 r11=fffffa801a87a420 r12=0000000000000000 r13=0000000000000000 r14=0000000000000080 r15=0000000000000010 iopl=0 nv up ei pl nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202 win32k!HMAllocObject+0x43: fffff960`00123b43 488bbd58010000 mov rdi,qword ptr [rbp+158h] ss:0018:00000000`00000158=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT_SERVER BUGCHECK_STR: 0x3B PROCESS_NAME: conhost.exe CURRENT_IRQL: 0 ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff96000123b43 STACK_TEXT: fffff880`0af03880 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!HMAllocObject+0x43 FOLLOWUP_IP: win32k!HMAllocObject+43 fffff960`00123b43 488bbd58010000 mov rdi,qword ptr [rbp+158h] SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!HMAllocObject+43 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 54372ef1 IMAGE_VERSION: 6.1.7601.18635 STACK_COMMAND: .cxr 0xfffff8800af02ea0 ; kb FAILURE_BUCKET_ID: X64_0x3B_win32k!HMAllocObject+43 BUCKET_ID: X64_0x3B_win32k!HMAllocObject+43 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0x3b_win32k!hmallocobject+43 FAILURE_ID_HASH: {9363ac24-db12-dd42-fe3b-b3a794764f0d} Followup: MachineOwner ---------
我已经在这里上传了小型转储文件,以防有人想要查看它: https ://onedrive.live.com/redir?resid=C5803CB16D4F7842!113&authkey=!ADrMX0cv07mIJpg&ithint=file%2cdmp
我也有MEMORY.DMP文件,以防有人需要更多的信息。 每当我用windbg打开它,看起来和minidump一样,有没有办法看到更深的信息呢?
当应用程序更改Windows 7 SP1和Windows Server 2008 R2 SP1中的窗口的z顺序时,停止错误0x3B
https://support.microsoft.com/kb/2965768